[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Tom Knight is correct that the key generation process is
a good place to hide a weakness. If I remember correctly,
the chip's key is generated directly from it's ID number
by padding it with 160 random bits and encrypting the whole
mess. 80 bits of the result becomes the key. Obviously, if
you can keep a copy of the 160 bits of padding, then you
can regenerate the chip's local key without calling
up the key-escrow fascility. Apparently, an early document
said that each collection of padding would be used for
a batch of 300 chips. So if you can keep a list of these
padding bits, then you're set...

(Disclosure: This data came from the hip, not from documents.)